Lack of Authorization and Stored XSS Via Translation Abuse
CVE-2023-41791
8.4 HIGH
What is CVE-2023-41791?
A Cross-Site Scripting (XSS) vulnerability in Pandora FMS allows users with low privileges to inject malicious JavaScript code through a translation string. This attack vector compromises the integrity of system configuration files and poses significant risks to the application's security. Organizations using affected versions, ranging from 700 to 773, need to promptly address this vulnerability to prevent potential exploitation.
Affected Version(s)
Pandora FMS all 700 <= 773
CVSS V3.1
Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Oliver Brooks